jwatzman
commented
8 years ago This is something we'll have to take up with OSUOSL at some point. FWIW we do provide a GPG key that signs the packages.
Closed J0WI closed 6 years ago
jwatzman
commented
8 years ago This is something we'll have to take up with OSUOSL at some point. FWIW we do provide a GPG key that signs the packages.
J0WI
commented
8 years ago GPG is fine to check plausibility, but https gives additional privacy, because others can't see exactly what you are downloading/searching for.
bauerj
commented
8 years ago FWIW, one of the repository mirrors, https://hhvm.bauerj.eu/ (:innocent:) supports HTTPS.
fredemmott
commented
6 years ago This is in progress, waiting for CA approval.
fredemmott
commented
6 years ago Done for https://dl2.hhvm.com
When 3.23 is released, I'll change dl.hhvm.com to point at dl2.hhvm.com too (the certificate is valid for both)
If you decide to use this immediately, there's also a new GPG key for the apt repositories:
Let's encrypt the web!